File credential resolver now supports encrypted pkcs8 keys in PEM.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@807 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/data/credentials12.xml b/data/credentials12.xml
new file mode 100644 (file)
index 0000000..60fdb2a
--- /dev/null
+++ b/data/credentials12.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Credentials xmlns="urn:mace:shibboleth:credentials:1.0" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:mace:shibboleth:credentials:1.0 credentials.xsd">
+       
+       <FileResolver Id="test">
+               <Certificate format="PEM">
+                       <Path>/conf/test.pemcrt</Path>
+               </Certificate>
+               <Key format="PEM" password="test123">
+                       <Path>/conf/test.pkcs8.enc.pemkey</Path>
+               </Key>
+       </FileResolver>
+</Credentials>
\ No newline at end of file

diff --git a/src/edu/internet2/middleware/shibboleth/common/Credentials.java b/src/edu/internet2/middleware/shibboleth/common/Credentials.java
index 15faea6..7780df0 100644 (file)
--- a/src/edu/internet2/middleware/shibboleth/common/Credentials.java
+++ b/src/edu/internet2/middleware/shibboleth/common/Credentials.java
@@ -517,6 +517,15 @@ class FileCredentialResolver implements CredentialResolver {
                                                inputBytes.toByteArray(),
                                                "-----BEGIN DSA PRIVATE KEY-----",
                                                "-----END DSA PRIVATE KEY-----"));
+                                               
+                       } else if (str.matches("^.*-----BEGIN ENCRYPTED PRIVATE KEY-----.*$")) {
+                               in.close();
+                               log.debug("Key appears to be DSA in raw format.");
+                               return getEncryptedPkcs8Key(
+                                       singleDerFromPEM(
+                                               inputBytes.toByteArray(),
+                                               "-----BEGIN ENCRYPTED PRIVATE KEY-----",
+                                               "-----END ENCRYPTED PRIVATE KEY-----"), password.toCharArray());
                        }
                }
                in.close();

diff --git a/tests/edu/internet2/middleware/shibboleth/common/CredentialsTests.java b/tests/edu/internet2/middleware/shibboleth/common/CredentialsTests.java
index 7e09454..4bc2cd6 100644 (file)
--- a/tests/edu/internet2/middleware/shibboleth/common/CredentialsTests.java
+++ b/tests/edu/internet2/middleware/shibboleth/common/CredentialsTests.java
@@ -433,7 +433,7 @@ public class CredentialsTests extends TestCase {
                }
        }
        
-       public void testKeyStoreX509_PEM_PKCS8_Encrypted_RSA_Key() {
+       public void testKeyStoreX509_DER_PKCS8_Encrypted_RSA_Key() {
 
                try {
                        InputStream inStream = new FileInputStream("data/credentials11.xml");
@@ -463,5 +463,36 @@ public class CredentialsTests extends TestCase {
                        fail("Failed to load credentials: " + e);
                }
        }
+       
+       public void testKeyStoreX509_PEM_PKCS8_Encrypted_RSA_Key() {
+
+               try {
+                       InputStream inStream = new FileInputStream("data/credentials12.xml");
+                       parser.parse(new InputSource(inStream));
+                       Credentials credentials = new Credentials(parser.getDocument().getDocumentElement());
+
+                       assertTrue("Credential could not be found.", credentials.containsCredential("test"));
+                       Credential credential = credentials.getCredential("test");
+
+                       assertTrue(
+                               "Credential was loaded with an incorrect type.",
+                               credential.getCredentialType() == Credential.X509);
+                       assertNotNull("Private key was not loaded correctly.", credential.getPrivateKey());
+                       assertEquals(
+                               "Unexpected X509 certificate found.",
+                               credential.getX509Certificate().getSubjectDN().getName(),
+                               "CN=shib2.internet2.edu, OU=Unknown, O=Unknown, ST=Unknown, C=Unknown");
+                       assertEquals(
+                               "Unexpected certificate chain length.",
+                               new Integer(credential.getX509CertificateChain().length),
+                               new Integer(3));
+                       assertEquals(
+                               "Unexpected X509 certificate found.",
+                               credential.getX509CertificateChain()[2].getSubjectDN().getName(),
+                               "CN=HEPKI Master CA -- 20020701A, OU=Division of Information Technology, O=University of Wisconsin, L=Madison, ST=Wisconsin, C=US");
+               } catch (Exception e) {
+                       fail("Failed to load credentials: " + e);
+               }
+       }
 
 }